mirror of
https://github.com/torvalds/linux.git
synced 2026-04-18 06:44:00 -04:00
net: mctp: defer creation of dst after source-address check
Sashiko reports: > mctp_dst_from_route() increments the device reference count by calling > mctp_dev_hold(). When a valid route is found and dst is NULL, the > structure copy is bypassed and rc is set to 0. Instead of optimistically creating a dst from the final route (then releasing it if the saddr is invalid), perform the saddr check first. This means we don't have an unuecessary hold/release on the dev, which could leak if the dst pointer is NULL. No caller passes a NULL dst at present though (so the leak is not possible), but this is an intended use of mctp_dst_from_route(). Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://patch.msgid.link/20260403-dev-mctp-dst-defer-v1-1-9c2c55faf9e9@codeconstruct.com.au Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
Jeremy Kerr
committed by
Jakub Kicinski
Jakub Kicinski
parent
70e32aadb5
commit
f32ba09631
@@ -897,7 +897,8 @@ static mctp_eid_t mctp_dev_saddr(struct mctp_dev *dev)
|
||||
|
||||
/* must only be called on a direct route, as the final output hop */
|
||||
static void mctp_dst_from_route(struct mctp_dst *dst, mctp_eid_t eid,
|
||||
unsigned int mtu, struct mctp_route *route)
|
||||
mctp_eid_t saddr, unsigned int mtu,
|
||||
struct mctp_route *route)
|
||||
{
|
||||
mctp_dev_hold(route->dev);
|
||||
dst->nexthop = eid;
|
||||
@@ -907,7 +908,7 @@ static void mctp_dst_from_route(struct mctp_dst *dst, mctp_eid_t eid,
|
||||
dst->mtu = min(dst->mtu, mtu);
|
||||
dst->halen = 0;
|
||||
dst->output = route->output;
|
||||
dst->saddr = mctp_dev_saddr(route->dev);
|
||||
dst->saddr = saddr;
|
||||
}
|
||||
|
||||
int mctp_dst_from_extaddr(struct mctp_dst *dst, struct net *net, int ifindex,
|
||||
@@ -975,7 +976,6 @@ int mctp_route_lookup(struct net *net, unsigned int dnet,
|
||||
{
|
||||
const unsigned int max_depth = 32;
|
||||
unsigned int depth, mtu = 0;
|
||||
struct mctp_dst dst_tmp;
|
||||
int rc = -EHOSTUNREACH;
|
||||
|
||||
rcu_read_lock();
|
||||
@@ -996,15 +996,15 @@ int mctp_route_lookup(struct net *net, unsigned int dnet,
|
||||
mtu = mtu ?: rt->mtu;
|
||||
|
||||
if (rt->dst_type == MCTP_ROUTE_DIRECT) {
|
||||
mctp_dst_from_route(&dst_tmp, daddr, mtu, rt);
|
||||
mctp_eid_t saddr = mctp_dev_saddr(rt->dev);
|
||||
|
||||
/* cannot do gateway-ed routes without a src */
|
||||
if (dst_tmp.saddr == MCTP_ADDR_NULL && depth != 0) {
|
||||
mctp_dst_release(&dst_tmp);
|
||||
} else {
|
||||
if (dst)
|
||||
*dst = dst_tmp;
|
||||
rc = 0;
|
||||
}
|
||||
if (saddr == MCTP_ADDR_NULL && depth != 0)
|
||||
break;
|
||||
|
||||
if (dst)
|
||||
mctp_dst_from_route(dst, daddr, saddr, mtu, rt);
|
||||
rc = 0;
|
||||
break;
|
||||
|
||||
} else if (rt->dst_type == MCTP_ROUTE_GATEWAY) {
|
||||
|
||||
Reference in New Issue
Block a user